Jun 08, 2008

Because I am looking for information on opt-in and privacy laws in Sweden, I posted a question on LinkedIn Answers. L-Soft's Outi Tuomaala pointed me to one of their webpages that contains a table that gives a basic overview of email requirements in the United States and Europe. Of course you should always check national legislation in each country/state for more detailed information.

May 16, 2008

In this article, Mark Merckler, General Counsel for UniqueLeads explains what it all means in layman's terms:

Contrary to what many believed they would do, the FTC did not shorten the time frame for honoring opt-outs. For the foreseeable future it will remain at ten (10) days.

The FTC limited acceptable opt-out procedures to simple, one step operations, requiring no more than the user supply his or her email address and preference.

The FTC modified the definition of “sender” to make it easier to determine which party is responsible for complying with the Act’s opt-out provisions.

The FTC specifically allowed the use of a USPS PO Box, or private mailbox service as meeting the “valid physical address” requirement. (Thank goodness the legal folks won’t have to negotiate this point anymore.)

The definition of “person” was expanded to clarify that the Act’s provisions apply to companies as well as individuals.

These are the most important points affecting our industry. However, the Commission’s Statement of Basis and Purpose will be published in the Federal Register in the next several weeks. It will provide a lot more guidance on what the FTC was thinking when it promulgated these new rules.

Apr 28, 2008

If we all agree that CAN-SPAM legislation is just the bare minimum that email marketers should adhere to in the US, doesn't that mean it's time the email industry lobbies for stricter legislation? In my view stricter US spam legislation (at least require prior consent before you can include someone to your mailinglist) will benefit the industry as a whole. What's your opinion on this?

Judging by the responses, you can say that this certainly is a topic that many of us feel passionate about. Here's what people said:

"Yes, legislation for the right reasons, that can actually improve email as communication channel, I agree with. Legislation to punish only the people who can be found and sued is a waste of everybody's time."

"I do think that ISP's need to be more accountable for delivery/non-delivery of messages. I would love to see legislation that says if you provide a spam complaint button, you must deliver the complaints to the sender (just like a bounce message). I would like to see legislation against black holing of messages (aka Hotmail). I would also like to see ISP's held responsible for their own networks being abused and pumping out most of the bot-net spam that occurs."

"I believe CAN SPAM either needs to evolve or be superceded by stricter anti-spam legislation. However, I'm not holding my breath for that to happen anytime soon, seeing as it took at least eight years for CAN SPAM to be generated and pass."

"The biggest disservice Can-Spam did was legitimize the concept of opt-out. If I had a dollar for every forum post or email from marketers assuming Can-Spam compliance was a carte blanche to send what was effectively spam, I'd be writing this from a laptop on a very expensive cruise. Which is why I would love to see the US switch to opt-in. Almost everywhere else has permission as part of their anti-spam legislation, and I don't see email marketing in those countries suffering as a result. After all, permission is a basic best practice."

"The problem with legislation is that those who make these rules/laws often do not know the industry as we do and this makes the outcome unpredictable. Not to mention possible other political objectives than just making the world a bit better."

It seems that most people are against making legislation stricter, because they fear that only legitimate marketers will be punished. However, I continue to believe that the industry should lobby for an opt-in legislation in the US rather than the current opt-out legislation. The need to have permission before you can legally send marketing emails to consumers is instrumental in creating a positive perception of email marketing and will help safeguard email as an effective marketing channel in the longer term. And yes, I know that having permission is only the first step (of course your emails have to be relevant etc), but it's a very important first step.

Jan 25, 2008

Over at the Email Marketer's Club recently a member posted a question which resulted in 38 heated replies. The question was, is it OK to send a one-off email to people who have bought something from you but who have not opted in to receive email?

The person who asked the question said that out of 700,000 customers, only 200,000 had checked the box which said 'I am happy to receive marketing emails from you' (or words to that effect). So that meant they were sitting on half a million email addresses and it 'seemed a waste' not to market to them. He was thinking of sending them an email (just the one!), perhaps offering a free gift by way of appeasement. It was just too tempting. Surely worth a try?

There then followed a great deal of debate and opinion, ranging roughly from 'if you do so you will be a spammer' to 'you COULD try it, but it may reflect badly on you if people complain.'

The rules about what is and isn't permissible in email marketing, in the UK at least, are not black and white. The Information Commissioner's website has guidelines on the subject.

Nevertheless, in the above case there were no grey areas. Those 500,000 people had the chance to check the box and give their permission, and they did not. That means they don't want to get emails from this company, even 'one-offs'.

Rather than risk losing the trust and loyalty of customers, not to mention your company's reputation, why not focus on those 200,000 people who have actually given their permission? They are the real goldmine, after all. Use your loyal customer base to up-sell, cross-sell and refer their friends.

Sep 06, 2007

Derek Harding wrote a great article on ClicZ today which he concludes by saying: "Absent a law requiring consent, we need a united front on consent. That means our trade groups must make it clear that opt-out is spam and spam is bad for e-mail, bad for our customers, and bad for us. They must state without equivocation or prevarication that consent is a requirement and act to ensure their members adhere to such requirements. Without these actions, we'll be in just as bad shape in 2010 as we are now."

He's saying this because "there's been a great deal of discussion lately about why, after 10 years, e-mail marketing is still struggling with the basics of deliverability and consent." And he his continues by saying that "much of the trouble we see today is of our own making. We messed up, big time."

Why? Because "back in 2003, when the federal government sought to enact anti-spam legislation, a variety of industry groups pushed for, or acquiesced to those who pushed for, weak legislation that didn't actually outlaw spam. They argued that any marketer should be permitted to send one e-mail to anyone they wished and pushed for companies being permitted to send e-mail to anyone with whom they had a prior business relationship.

The end result was the CAN-SPAM Act of 2003, nicknamed by some anti-spam activists as the "You CAN-SPAM Act" because it legitimized spam and overrode more restrictive laws in a number of states. If I had a penny for every time a marketer used the excuse "but the lawyers say it's OK" to try to send spam, my trousers would drop. Problem is, the law doesn't clearly and unambiguously require companies to obtain verifiable consent before sending e-mail to individuals."

Jun 07, 2007

J.F. Sullivan wrote an interesting post on the eec blog today about the resurgence in CAN-SPAM interest in the news recently.

He wants to remind everyone that CAN-SPAM compliance is the most negligible form of email marketing compliance that you can actually do. If you are building a program and infrastructure to effect CAN-SPAM compliance as your only goal, then by all indications you will essentially appear to be a spammer. You may ask yourself why that is, and while there are many reasons, it basically comes down to permission. CAN-SPAM doesn’t require permission from the end user while the industry at large does.

He compares it to going out on a first date. You know you need to perform a set of personal hygiene acts. CAN-SPAM compliance is akin to just brushing your teeth and throwing cold water on your face. If you hope to get a second date or even a phone call, you need to put your best foot forward. The latest threads and a bit of cologne might be in order. Aiming for the bare minimum shouldn’t be your goal and that is what CAN-SPAM is -- the bare minimum. Read the full post here.

Feb 04, 2007

1. Ignoring "unsubscribe" requests.
This may sound like a no-brainer, but if you don't stay on top of your "unsubscribe" requests, you might get an unwanted surprise from a frustrated user who gets your newsletter once too often -- getting dropped into the spam bucket of his or her email service.

2. List "repurposing."
Recycling customer email lists may be handy to the marketing department, but it could hurt your business in the end. And sharing addresses with your sister company counts, too. Symantec's Fubini says he's seen cases where a company builds up a mailing list for one product and decides to just apply that mailing list to a new, unrelated product, which can cause problems. You have to ask whether the customer really wants to hear about this second product, he says.

3. Providing unclear privacy checkbox instructions, and ignoring users' responses.
If a box is pre-checked to opt in, that may appear suspicious and unprofessional. And if the opt-out instructions are confusing or unclear, you could turn users off -- and potentially get into hot water.

Jan 24, 2007

Today I received a phishing email disguised as an eBay promotion. If it hadn't arrived in a mailbox that I never used to sign up for eBay (that was clue #1), I would definitely have fallen for their trap.

Even though I have been reading about this type of spam/phishing emails in the last couple of weeks, I was shocked to see how good these guys are in conceiving people!

Basically they sent an email announcing a price promotion on eBay.com (that was clue #2: I'm not registered on the .com site so eBay.com is not allowed to send me any emails):

I've seen phishing emails before, but the scary thing about this one is that these spammers were mimicking an actual eBay email in which an actual price promotion was announced.

Jan 10, 2007

A study carried out by data and marketing company CDMS has revealed that 31% of UK companies are not complying with the EU Directive on Privacy and Electronic Communications, more than two years after it became UK law in December 2003.

The European legislation which governs emails with private individuals, demands that companies only send unsolicited sales messages via email to non-customers if they have actively opted-in to receiving them.

Companies across industry sectors were tested to see whether they consistently offered non-customers the opportunity to opt-in to further marketing emails when their details were recorded as the result of a promotion or enquiry. These promotions appeared either on the company's own web site, through a partner company's website, in a third party e-newsletter, or as part of an advertising or direct mail campaign.

Jan 04, 2007

Janine Popick reports on her blog that the UK has updated the Companies Act 1985 to the Companies Act 2006 and has some additional requirements for email and websites.

All companies that send email from the UK need to put their registered address in the footer (instead of just a valid company address) along with their company registration number and place of registration.

Dec 08, 2006

A new series of proposed laws could make life much harder on US email marketers, if they are passed.

Several bills are simmering at the state level that could force email marketers to switch to an opt-in model, rather than the current opt-out one, according to Jim Conway, vice-president of government relations for the Direct Marketing Association, speaking at MediaPost's Email Insider Summit on Tuesday, MediaPost reports. Conway added that if these bills are successful, they could easily be the model for other states, and even the U.S. Congress.

Also, the FTC now is taking a closer look at privacy policies. At the Tech-Ade conference last month in Washington, D.C., commissioners indicated that they were concerned by a perceived lack of transparency in privacy policies, Alan Chapell, president of Chapell Associates, said. Chapell added that marketers may need to come up with new, more stringent policies to avoid government regulation.

"Now the commissioners are saying the traditional privacy policies are insufficient. Again, we're risking government regulation. So maybe we need to go above and beyond the traditional privacy policies."

Nov 20, 2006

Yesmail’s settlement with the Federal Trade Commission last week sent tremors throughout the industry as other e-mailers scrambled to figure out how the company became ensnared in the FTC’s spam-fighting apparatus and how they could avoid a similar scenario.

Though the size of the settlement was relatively small, the FTC’s press release and complaint were worded such that it was difficult to tell what happened and whether or not others are in danger of coming into the FTC’s crosshairs under similar circumstances.

According to the FTC, @Once’s spam-filtering software blocked some “reply to” unsubscribe requests from recipients as spam, resulting in @Once failing to honor those opt-out requests and sending thousands of e-mails to recipients more than 10 days after the requests, a violation of the Can-Spam Act.

The announcement raised eyebrows in the industry because it looked as if @Once was the victim of a technical glitch. The Can-Spam Act contains a provision protecting senders whose opt-out mechanism “is unexpectedly and temporarily unable to receive messages or process requests due to a technical problem beyond the control of the sender if the problem is corrected within a reasonable period of time.”

Nov 12, 2006

There's an interesting discussion going on on the MarketingProfs discussion boards after one user posted the following message:

"It seems to be the opinion of many participants in this forum that unsolicited email is not something which "reputable companies" will do. Many have suggested that marketers create content-based web sites and build an opt-in list - and many consultants who participate in this forum can help companies do just that.

Yet many who visit the forum seem to want to send unsolicted emails. Unsolicited emails are legal under certain conditions in the US. Small companies may not have the marketing budget or the time to create and maintain elaborate sites to become "thought leaders".

I'm not interested in hearing your rant about SPAM. What I am interested to know is: where do you personally draw the line, between "acceptable" unsolicted email, and "unacceptable" unsolicited email?

For example, I subscribe to eFax, and can receive FAXes for free - but as a subscriber to the service (which I highly recommend) I occasionally get an unsolicted email, which I'm happy to glance at and delete. I know that the sender must pay eFax to send the message, and I consider the companies reputable and proper for sending these.

Also, if I have my email address posted on a web site, and someone reads my web page, feels we have a reason to communicate, and sends me a short text-only email with a link to their site, I typically appreciate their efforts.

Where do you draw the line - as a sender, and as a receiver of unsolicited email?"